So at the beginning of the month we blogged about the first fine to be handed out by the ICO for inaccurate use of personal data. In this blog we spoke about Prudential’s bill of £50,000 for a consistent error in identity.
Heading towards the middle of the month it has emerged that an NHS trust is to be the first public sector organisation to challenge the monetary penalty notice issued by the ICO.
The fine was issued by the ICO after the NHS trust voluntarily reported the breach. The dispute has arisen because organisations with a weak data protection structure are offered a consensual assessment by the ICO – if the ICO finds any data breaches in this assessment, it cannot give the organisation a monetary fine. The NHS trust’s lawyers are going to be arguing on 3 December that organisations that voluntarily report data breaches and cooperate with the ICO during its investigations should receive the same immunity from a monetary penalty as those organisations that receive consensual assessments.
What are your views on this?
Do you think by admitting a breach you should be immune from the monetary penalty?
Let us have a guess at how November intends to end… ‘with a hey and a hee and a ICO!’